Europe braces for Russian hacking in upcoming elections

German Chancellor Angela Merkel, Vice Chancellor Sigmar Gabriel, Interior Minister Thomas de Maiziere and the State Premier of the southwestern federal state of Saarland Annegret Kramp-Karrenbauer at an IT summit in Germany | Oliver Dietze/AFP via Getty Images

European governments are bracing for cyber-meddling by Moscow in upcoming national elections in France, the Netherlands and Germany.

Amid uproar in the United States over CIA findings that Russian hackers interceded in the election to help President-elect Donald Trump, a series of incidents in Europe have led to stark warnings by high-level officials, particularly in Germany, and by cybersecurity experts who say online political and information warfare is certain to worsen.

In a remarkable two-page warning late last week, Hans-Georg Maaßen, the head of Germany’s Federal Office for Protection of the Constitution, a domestic security agency, said there was a clear threat from Russian hackers seeking to sow “uncertainty in German society” and to destabilize the country.

“In the political arena we see increasing and aggressive cyber-espionage,” Maaßen said. “We see a potential hazard to members of the German government, the Bundestag and employees of democratic parties through cyber-operations.” On Monday, German MPs across the political spectrum echoed those worries.

During the American election, Russian President Vladimir Putin expressed admiration for Trump, who returned the compliment. (Former Secretary of State Hillary Clinton, meanwhile, is known for her combative relationship with Putin.)

The Kremlin also has clear preferences when it comes to elections in Europe — and a far more direct economic stake in the outcome.

In Germany, where Russian hackers have previously taken aim at Chancellor Angela Merkel’s party, the Christian Democratic Union, there are concerns Russian cyber-meddlers could help tilt federal elections toward the far-right Alternative for Germany party, which has made gains in recent regional elections in part because of public distrust of Merkel’s handling of the migrant crisis. Merkel, even before announcing she would run for a fourth term as chancellor, had warned Russian hacking was now a part of daily life and could be a factor in the elections.

Already this year, Russia’s state-controlled media hyped a claim — later proved false by German investigators — that a 13-year-old Russian immigrant girl had been raped in Berlin by migrants. The Russian coverage of the case led to street demonstrations and Russian Foreign Minister Sergey Lavrov even demanded publicly that the case “not be swept under the rug.”

In France, Marine Le Pen, the leader of the far-right National Front, has admitted taking an €11 million loan from a Russian bank, and had hoped to get much more. But Russian cyber-operatives might be just as content to aid the conservative candidate François Fillon, who is known as a long-time defender of Russia and a critic of Western sanctions against the Kremlin.

In a recent report forecasting major threat trends, Kaspersky Lab, the Moscow-based cybersecurity powerhouse, said a new era of cyber-sabotage had begun.

“In 2016, the world started to take seriously the dumping of hacked information for aggressive purposes,” the firm’s top security analysts wrote. Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people’s willingness to accept such data as fact by manipulating or selectively disclosing information.”

While Russian interference in the U.S. election has attracted far more attention, the tiny Balkan nation of Montenegro, which is in the process of joining NATO, came under a barrage of cyber-attacks on the day it held parliamentary elections in October. There were also reports of Moscow funneling money to opponents of Montenegro’s pro-NATO government, which ultimately won the election despite the interference.

Also in recent weeks, there were reports of a Russian-directed false news campaign aimed at defeating the December 4 constitutional referendum in Italy. Voters rejected the changes, prompting the resignation of Prime Minister Matteo Renzi.

Cybersecurity experts have already linked an infiltration of Bundestag computers in 2015 to the same alleged Russian hackers, known as “Fancy Bear” and APT28, who were allegedly responsible for penetrating election systems in Arizona and Illinois last summer. Russia has also been accused of hacking Ukraine’s power grid in 2015, and of carrying out an overwhelming cyber attack on Estonia in 2007.

“Fancy Bear,” which is allegedly connected to Russian’s military intelligence agency, the G.R.U., is one of two Russian-connected hacking groups believed to be responsible for infiltrating the computer systems of the Democratic National Committee and stealing emails and other documents that were leaked to the public.

Those leaks led to the resignation of DNC chairwoman Debbie Wasserman-Schultz and her top aides. Putin, in an interview with Bloomberg News, expressed no interest in who was responsible for the hacks but suggested the leaks were a public service.

Kaspersky Lab, which has published numerous reports on Fancy Bear and the second hacking group, nicknamed “Cozy Bear,” said in its recent analysis that it expects hackers to intensify efforts to cover their tracks and avoid detection as the geopolitical stakes continue to rise.

“As cyberattacks come to play a greater role in international relations, attribution will become a central issue in determining a political course of action – such as retaliation,” the firm wrote, adding that it expected a corresponding “widespread use of misdirection (generally known as false flags) to muddy the waters of attribution.”

This article has been updated to correct a reference to German lawmakers.